Oregon has some of the nation's strongest laws shielding reproductive care, gender-affirming care, immigrants, and protesters. But those laws bind Oregon agencies — not a private company in Arizona holding our data in the cloud. Here's the gap, in plain language.
When Bend Police store surveillance data — body camera video, license plate reads, location records — in a vendor's cloud, that data physically leaves Oregon's control. Oregon's shield laws can stop Oregon from handing it over. They can't directly stop another state or a federal agency from serving the vendor with legal process. The strongest protection isn't a promise in a contract — it's making sure the data is never something the vendor can hand over in readable form.
These are four distinct laws, not one blanket “shield law.” Each protects different people in a different way — and each was written assuming the data stays in Oregon's hands.
Declares Oregon policy protecting reproductive and gender-affirming health care, limits cooperation with out-of-state or federal enforcement targeting that care, and makes certain records confidential.
Bar state and local agencies from helping federal immigration enforcement without a judicial warrant, and require non-judicial federal immigration requests to be documented, reported, and denied. (ORS 180.805/.810; 181A.820–.829)
Prohibits Oregon law enforcement from collecting or keeping information about people's political, religious, or social views and activities unless directly tied to a criminal investigation.
Limits ALPR use, caps retention at 30 days, restricts sharing with non-Oregon agencies, bars vendors from selling or disclosing plate data, and allows civil action against vendors that misuse it.
The problem isn't that the laws are weak. It's that the data lives somewhere the laws don't reach. Walk through what happens when an outside demand arrives.
Bend uploads surveillance data to a vendor's cloud. The vendor — and the subcontractors it chooses for storage — may sit in other states. Ownership stays with Bend, but physical custody does not.
Another state's court, or a federal agency, serves the vendor directly — not Bend. Think a subpoena for plate reads, or a warrant for location data tied to a name or a protest.
Standard vendor contracts promise not to disclose data except when compelled by a court or required by law. That's a notice-and-comply structure, not a commitment to refuse.
The vendor may notify Bend (if not legally barred from doing so), but it's then on Bend to intervene — possibly in another state's court, against federal process — to try to block it. Oregon's shield laws don't give Oregon courts the power to quash a demand issued elsewhere.
Oregon State Police have been sued for allowing federal immigration authorities to query Oregonians' driving and criminal records — reportedly on the order of a million times a year. That's the kind of cross-jurisdiction data access these shield laws were written to prevent. The same pressure can apply to any sensitive data sitting in a commercially reachable cloud:
In each case, Oregon's protections become harder to enforce the moment the data is in someone else's hands. The City may be left relying on notice, intervention, and contract terms rather than on direct control of the data.
A vendor can only hand over what it can actually access. The most reliable safeguards make sensitive data unreadable to the vendor — or keep it out of the cloud entirely.
End-to-end encryption with City-held keys. If only Bend can decrypt the data, the vendor cannot produce a readable copy under legal process.
Data minimization. Don't routinely upload the most sensitive categories to the cloud unless there's exclusive key control or an equivalent technical safeguard.
Short retention. Data that no longer exists can't be demanded. SB 1516's 30-day cap for non-investigative plate data is a model.
Redirect-and-notify clauses with teeth. Require the vendor to route every third-party legal request to the City and to resist disclosure, not merely notify after the fact.
A legal opinion before expanding. Ask the City to analyze how Oregon's shield laws interact with out-of-state and federal process if the vendor — not Bend — receives the demand.
Oregon's shield laws are strong, but they protect Oregon's conduct. They can't reach into another state's courtroom or a federal agency's process. The only protection fully within Bend's control is technical: data the vendor cannot read is data the vendor cannot hand over.
If this concern resonates, you can put it on the record. Copy the message below, personalize the bracketed parts, and email it to council@bendoregon.gov. It asks the City to get a legal opinion before expanding — a reasonable, hard-to-dismiss request.